HIDE PHYSIOTHERAPY PRIVACY NOTICE
Hide Physiotherapy Limited (HPL) regards the privacy and security of the personal information you share with us as very important. The information you provide is subject to the General Data Protection Regulations (GDPR 2018) and the UK Data Protection Act (DPA 2018).
We have created this Privacy Notice to inform you of your rights, to explain why HPL collect Personal Data about you, and how your Personal Data will be used and stored. This Privacy Notice applies to all data collected via our website and in our clinics.
HPL is responsible for the security and confidentiality of all your Personal Information, held both electronically and in paper format. We use a combination of working practices and technology to ensure your information is kept confidential and secure.
Information we may collect from you
During the course of your treatment at HPL, we are required to collect and store some of your Personal Information such as your name, address, date of birth, email address, telephone number, medical insurance membership and authorisation numbers. We may also hold GP and Consultant information, and details of treatment provided, this may include sensitive medical information, results of X-Rays, MRI, CT, Ultrasound scans and any other tests. These records help us to provide you with the best possible care, and may also be necessary for us to send you correspondence and exercise programmes.
As a practice we participate in a National Audit called Data for Impact which is run in collaboration with the University of Brighton and PhysioFirst. For the purpose of this audit, with your consent, we may submit anonymised data about your treatment.
Information will be collected:
When you contact HPL to book an appointment
When you register at HPL
Throughout your treatment with us
When your personal information changes or is updated (for example change of address)
If you submit an enquiry to us via email or phone and you have consented to having your details stored.
We may also get information from any third party who refers you or books an appointment on your behalf, such as family members, insurance companies, GP’s and Consultants, (e.g. referrals, medical reports, updates after appointments or procedures/surgery, Consultant/GP appointments).
Sometimes it may be necessary for us to contact third party providers to supplement the personal information you give us (e.g. to validate your private medical insurance information with an insurance company, when processing invoices) to help us maintain the accuracy of your data and help provide you with a better service.
Personal information we collect automatically
When you visit our website we automatically receive and record information on our server logs from your browser or mobile platform, including your location, IP address, cookie information, and the page you requested. We treat this data as non-Personal Information, except where we are compelled to do otherwise by law or legal authority.
This data is only used in aggregate form to allow Google Analytics to monitor how our customers, collectively, use the Website. This is statistical data about your browsing actions and patterns and does not identify you as an individual. Google Analytics Terms of Service prohibits the tracking or collection of personal information, and we adhere to these terms.
If you wish to opt out of being tracked by Google Analytics, we advise you to look at the google Analytics Browser opt-Out Add-on.
Cookies
We may obtain information about your general internet usage by using a cookie file which is stored on your computer. Cookies contain information that is transferred to the hard drive on your computer, to help us improve our site and deliver a better and more personalised service.
You may refuse to accept cookies by activating the setting on your browser which allows you to refuse the setting of cookies. If you select this setting you may be unable to access certain parts of our site. Unless you have adjusted your browser setting to refuse cookies, our system will automatically issue cookies when you log on to our website.
Collection and use of children’s personal information
We only collect personal and medical information required to effectively treat children, this information will be obtained from the parent or guardian chaperoning the child for their appointment. Records will be stored in line with Data Protection laws and all the confidentiality guidelines issued by professional bodies such as The Chartered Society of Physiotherapy (CSP) and The Health and Care Professions Council (HCPC). From the age of 16 patients can consent themselves.
What we do with your information
It is the legal obligation of HPL to complete and store clinical notes related to your assessment and treatment. These notes will likely contain sensitive confidential and personal information such as your medical history and details of previous and current treatment episodes. We use this information to obtain details relevant to your treatment and for medical and internal record keeping. This information will only be kept as long as necessary to comply with UK law and the requirements of relevant professional bodies.
We would like to make it clear that HPL will never pass any of your contact details to a third party and under no circumstances pass on any of your clinical records unless you have given your expressed written consent in cases where medical reports are required as part of your treatment. If you have been referred to HPL by a medical practitioner such as a GP or Consultant, then update and discharge letters are often sent to the referrer.
The confidentiality of your personal information is of the utmost importance to us, and we comply with Data Protection laws and all the confidentiality guidelines issued by relevant professional bodies.
We may use your personal information for the following purposes:
Clinic Registration / Appointments
We will use your name, address, date of birth, telephone number and email address to register you with HPL, for the services we provide and to communicate important information with you. We may obtain additional personal information about you, such as address change and any changes to your health information, correspondence from other healthcare professionals and insurance companies throughout your treatment and also if you return to the clinic in future to keep our records current.
Invoicing & Insurance Companies
When processing insurance claims, on your behalf, your name, address, date of birth and insurance policy details will need to be provided to your insurance company to enable them to process the claim. This information may be communicated via post, telephone or email.
Appointment Reminders & Clinic News
We may use your information to send confirmation and reminder texts/emails of your appointments and for any correspondence regarding your treatment.
We may contact you from time to time, regarding clinic news and information about our services. You have the right to request to opt out of these communications.
Response to Legal Requests
We may receive requests from third parties (e.g. solicitors if there is a personal injury claim), for information relating to your assessment and treatment. We will only photocopy your physiotherapy records and provide electronic records on request providing we have written authorisation from you.
Accessing Your Personal Information / Your Rights
The DPA and GDPR give you the right to access information held about you. Please write to us or contact us by email if you wish to request a copy of the information we hold relating to you. Reasonable requests for information will be free of charge and supplied within 1 month. Written requests are to be addressed to Hide Physiotherapy Limited, 35 Dymchurch Road, Hythe, Kent CT21 6JE, or emailed to hidephysiotherapy@btinternet.com
If the request for data is complex or numerous, we reserve the right to extend this period by a further two months.
Updating Your Personal Information
You have the right to change the permissions that you have given us in relation to how we may use your data. You have the right to request that we cease using your data or that we delete all personal data records that we hold relating to you.
Data Retention
Please be aware that in the case of Clinical Records we have a legal obligation to retain these for at least 8 years after the date of your last appointment treatment.
If a patient is still a minor at the date of their last treatment, we are legally required to retain their information until their 25th birthday.
SECURITY OF YOUR INFORMATION
Security of your information is important to us. We have put in place procedural and electronic processes to safeguard and protect your information. Paper notes are stored securely in locked filing cabinets which only our staff have access to. Personal Data is also stored electronically on our Appointment/Billing System Private Practice Software (PPS), Rushcliff Limited, who also have their own Privacy Policy. All our staff have a legal duty to respect the confidential information we hold, and access to this information is restricted to those who have a reasonable need to see it.
We provide reasonable security measures in connection with securing personal information held by us, including:
We work to update our security practices to protect your Personal Data and we review our security procedures carefully.
We comply with appropriate laws and security standards.
We securely transmit your sensitive personal information.
We train our staff and require them to safeguard your data.
Changes to our Privacy Notice
We reserve the right to make changes or updates to our Privacy Notice at any time. Our up-to-date Privacy Policy will be displayed on our website hidephysiotherapy.co.uk.
If you have any questions or comments regarding our Privacy Notice, please contact HPL in writing at Hide Physiotherapy Limited, 35 Dymchurch Road, Hythe, Kent CT21 6JE.
(Updated January 2023)